for installation on the server side, click
First, account login system flow Explained
When the client input account login system, the system according to the/etc/nsswitch.conf configuration file to obtain the account lookup sequence, and then call the relevant module according to the PAM configuration file, the account (/etc/passwd) and password (/etc/shadow) to find and match. When the local match is unsuccessful, it is verified by the backend authentication server (OPENLDAP server).
Second, the configuration file function introduction
Here are a few configuration files and then we'll make changes, and here's a brief introduction.
/etc/nsswitch.conf This file is used primarily for name translation services and is used to authenticate local files or Remote authentication server files that are read by the user.
/etc/sysconfig/authconfig is primarily used to provide an LDAP feature for authentication, which is used to track whether the LDAP authentication mechanism is properly enabled.
/etc/pam.d/system-auth is primarily used to implement user account authentication.
/ETC/PAM_LDAP.CONF implements client-side interaction with the server.
/etc/openldap/ldap.conf is primarily used to query all OPENLDAP server entry information.
Introduction to three or three types of deployment methods
1. Graphical deployment
The configuration is generally implemented by using the setup, Authconfig-gui command to invoke the graphical interface. It is very easy to add a client to the OPENLDAP server configuration graphically, simply by prompting and correctly selecting the menu and correctly entering the values for the server and base DN.
When the configuration is complete, the configuration files involved are modified according to the parameters you have defined to complete the deployment of the client.
2. Configuring document Deployment
When the graphical interface deployment does not meet the current requirements, the deployment of the OPENLDAP client is implemented by choosing to modify the profile, for example, when tuning the profile extra parameters.
3. Command line Deployment
Deployment of the command line is generally implemented through anthconfig. Command-line deployment is the hardest of the three configurations, and it is difficult to understand that you need to define the relevant options and parameters beforehand.
Iv. graphical deployment of OPENLDAP clients
1. Download the Setup tool
Yum Install Setuptool-y
2, Domain name resolution, time synchronization
3. configuration file Backup
Cp/etc/nsswitch.conf/etc/nsswitch.conf.bakcp/etc/pam.d/system-auth-ac/etc/pam.d/system-auth-ac.bak
4. Operation procedure
Run the Setup command directly.
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/85/DB/wKiom1esTCjRWWljAAA3l31Aabs037.jpg "style=" float: none; "title=" qq20160811174045.jpg "alt=" Wkiom1estcjrwwljaaa3l31aabs037.jpg "/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/85/DB/wKiom1esTFKByG5dAACs6laj-2c498.jpg "title=" Qq20160811175552.jpg "alt=" Wkiom1estfkbyg5daacs6laj-2c498.jpg "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/85/DA/wKioL1esTGKRw364AACMuruWFN0135.jpg "title=" Qq20160811174232.jpg "alt=" Wkiol1estgkrw364aacmuruwfn0135.jpg "/>
Found me a software not installed, nothing, we install just.
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/85/DB/wKiom1esTKGgVns4AABORahljpU953.jpg "title=" Qq20160811174516.jpg "alt=" Wkiom1estkggvns4aaborahljpu953.jpg "/>
5. View modified Files
Now look at what files he has modified.
[Email protected] ~]# Vimdiff/etc/nsswitch.conf/etc/nsswitch.conf.bak
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/85/DA/wKioL1esT12zIHy_AAHzy2bhXSA740.jpg "title=" Qq20160811180954.jpg "alt=" Wkiol1est12zihy_aahzy2bhxsa740.jpg "/>
[Email protected] ~]# Vimdiff/etc/pam.d/system-auth/etc/pam.d/system-auth.bak
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/85/DA/wKioL1esT3DyiRdGAAKTPnNZ8QI050.jpg "title=" Qq20160811181107.jpg "alt=" Wkiol1est3dyirdgaaktpnnz8qi050.jpg "/>
This article is from the "Little Water Drop" blog, please make sure to keep this source http://wangzan18.blog.51cto.com/8021085/1836997
OpenLDAP Client Deployment